Wireshark-bugs: [Wireshark-bugs] [Bug 5133] Wireshark vulnerable to DLL hijacking
Date: Wed, 25 Aug 2010 13:55:00 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5133

--- Comment #5 from Gerald Combs <gerald@xxxxxxxxxxxxx> 2010-08-25 13:54:54 PDT ---
Fixes have been checked in in revisions 33916, 33917, and 33924. 33916 and
33917 add SetDllDirectory calls to Wireshark and dumpcap. 33924 adds "safe"
wrappers for LoadLibrary and g_module_open.

With the call to SetDllDirectory in place wireshark.exe and dumpcap.exe still
try to load airpcap.dll, wpcap.dll, packet.dll, and npf.sys from the CWD. With
both fixes in place those DLLs aren't loaded from the CWD. However, Process
Monitor still shows attempts to load SortServer2003Compat.dll. 

I can't find any information on this DLL. If there is a problem here I'm
assuming that it's something Microsoft will have to fix.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.